login, then it is vulnerable to session fixation.
■
Identify the format of session tokens used by the application (length,
character set, any structure or checksum). Modify your token to an invented
value that is validly formed, and attempt to log in. If the application
allows you to create an authenticated session using an invented token, then
it is vulnerable to session fixation.
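The two checks above (a pre-login token that stays valid after login, and an invented but well-formed token that becomes an authenticated session) can be scripted as a probe. The following is an added example, not code from the book: two toy in-memory session managers stand in for the target, one that trusts whatever well-formed token the client presents and one that only honours tokens it issued and rotates the token at login. The token format (32 hex characters), the credential `alice`/`s3cret`, and the class and function names are all assumptions made for the illustration; against a real target the same two checks would be driven through an HTTP client instead.

```python
"""Session-fixation probe against two simulated applications (hypothetical code)."""
import re
import secrets
from typing import Dict, Optional

TOKEN_RE = re.compile(r"^[0-9a-f]{32}$")   # assumed token format: 32 hex chars
VALID_USER = ("alice", "s3cret")           # constructed test credential


class VulnerableApp:
    """Trusts any well-formed client token and upgrades it in place on login."""

    def __init__(self) -> None:
        self.sessions: Dict[str, Optional[str]] = {}   # token -> username or None

    def request(self, token: Optional[str]) -> str:
        # Creates a session record for a client-supplied token if the format is right.
        if token is None or not TOKEN_RE.match(token):
            token = secrets.token_hex(16)
        self.sessions.setdefault(token, None)
        return token

    def login(self, token: Optional[str], user: str, pw: str) -> str:
        token = self.request(token)
        if (user, pw) == VALID_USER:
            self.sessions[token] = user        # same token, now authenticated
        return token

    def whoami(self, token: str) -> Optional[str]:
        return self.sessions.get(token)


class HardenedApp:
    """Only recognises tokens it issued itself and rotates the token at login."""

    def __init__(self) -> None:
        self.sessions: Dict[str, Optional[str]] = {}

    def request(self, token: Optional[str]) -> str:
        # Unknown tokens are discarded and replaced with a server-issued one.
        if token not in self.sessions:
            token = secrets.token_hex(16)
            self.sessions[token] = None
        return token

    def login(self, token: Optional[str], user: str, pw: str) -> str:
        token = self.request(token)
        if (user, pw) == VALID_USER:
            del self.sessions[token]           # invalidate the pre-login token
            token = secrets.token_hex(16)      # issue a fresh authenticated one
            self.sessions[token] = user
        return token

    def whoami(self, token: str) -> Optional[str]:
        return self.sessions.get(token)


def probe_fixation(app) -> Dict[str, bool]:
    """Run both fixation checks against `app` and report the findings."""
    # Check 1: is the token issued before login still the session after login?
    pre = app.request(None)
    post = app.login(pre, *VALID_USER)
    reused_after_login = post == pre and app.whoami(pre) == VALID_USER[0]

    # Check 2: does an attacker-chosen, validly formed token become authenticated?
    invented = "deadbeef" * 4                  # 32 hex chars, never issued by the app
    assert TOKEN_RE.match(invented)
    returned = app.login(invented, *VALID_USER)
    invented_accepted = returned == invented and app.whoami(invented) == VALID_USER[0]

    return {
        "token_reused_after_login": reused_after_login,
        "invented_token_accepted": invented_accepted,
        "vulnerable": reused_after_login or invented_accepted,
    }


if __name__ == "__main__":
    print("vulnerable app:", probe_fixation(VulnerableApp()))
    print("hardened app:  ", probe_fixation(HardenedApp()))
```

Either finding on its own is enough to report: if the token survives login unchanged, an attacker who planted it in the victim's browser shares the authenticated session; if an invented token is accepted, the attacker does not even need to obtain a token from the application first.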
■
If the application does not support login, but processes sensitive user
information (such as personal and payment details) and allows it to be
displayed after submission (for example, on a "verify my order" page), then
carry out the previous three tests against the pages that display sensitive
data. If a token set during anonymous use of the application can later be
used to retrieve sensitive user information, then the application